min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

De-enumify X509ValidationError 

Also make it an Error.

Closes #352.
This commit is contained in:
Steven Fackler 2016-10-18 22:10:37 -07:00
parent 080050e10d
commit cfd5192a7d
2 changed files with 62 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
openssl-sys/src/lib.rs
View File

@ -731,6 +731,7 @@ extern {
pub fn X509_sign(x: *mut X509, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; pub fn X509_sign(x: *mut X509, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int;
pub fn X509_get_pubkey(x: *mut X509) -> *mut EVP_PKEY; pub fn X509_get_pubkey(x: *mut X509) -> *mut EVP_PKEY;
pub fn X509_to_X509_REQ(x: *mut X509, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> *mut X509_REQ; pub fn X509_to_X509_REQ(x: *mut X509, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> *mut X509_REQ;
pub fn X509_verify_cert_error_string(n: c_long) -> *const c_char;
pub fn X509_EXTENSION_free(ext: *mut X509_EXTENSION); pub fn X509_EXTENSION_free(ext: *mut X509_EXTENSION);

139
openssl/src/x509/mod.rs
View File

@ -1,14 +1,15 @@
use libc::{c_char, c_int, c_long, c_ulong, c_void}; use libc::{c_char, c_int, c_long, c_ulong, c_void};
use std::cmp; use std::cmp;
use std::ffi::CString;
use std::mem;
use std::ptr;
use std::ops::Deref;
use std::fmt;
use std::str;
use std::slice;
use std::collections::HashMap; use std::collections::HashMap;
use std::error::Error;
use std::ffi::{CStr, CString};
use std::fmt;
use std::marker::PhantomData; use std::marker::PhantomData;
use std::mem;
use std::ops::Deref;
use std::ptr;
use std::slice;
use std::str;
use {cvt, cvt_p}; use {cvt, cvt_p};
use asn1::Asn1Time; use asn1::Asn1Time;
@ -100,14 +101,19 @@ impl X509StoreContext {
} }
pub fn error(&self) -> Option<X509ValidationError> { pub fn error(&self) -> Option<X509ValidationError> {
let err = unsafe { ffi::X509_STORE_CTX_get_error(self.ctx) }; unsafe {
X509ValidationError::from_raw(err) let err = ffi::X509_STORE_CTX_get_error(self.ctx) as c_long;
if err == ffi::X509_V_OK as c_long {
None
} else {
Some(X509ValidationError::from_raw(err))
}
}
} }
pub fn current_cert<'a>(&'a self) -> Option<X509Ref<'a>> { pub fn current_cert<'a>(&'a self) -> Option<X509Ref<'a>> {
unsafe { unsafe {
let ptr = ffi::X509_STORE_CTX_get_current_cert(self.ctx); let ptr = ffi::X509_STORE_CTX_get_current_cert(self.ctx);
if ptr.is_null() { if ptr.is_null() {
None None
} else { } else {
@ -685,82 +691,53 @@ impl<'a> Iterator for ExtensionsIter<'a> {
} }
} }
macro_rules! make_validation_error( pub struct X509ValidationError(c_long);
($ok_val:ident, $($name:ident = $val:ident,)+) => (
#[derive(Copy, Clone)] impl fmt::Debug for X509ValidationError {
pub enum X509ValidationError { fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
$($name,)+ fmt.debug_struct("X509ValidationError")
X509UnknownError(c_int) .field("code", &self.0)
.field("error", &self.error_string())
.finish()
}
}
impl fmt::Display for X509ValidationError {
fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
fmt.write_str(self.error_string())
}
}
impl Error for X509ValidationError {
fn description(&self) -> &str {
"an X509 validation error"
}
} }
impl X509ValidationError { impl X509ValidationError {
#[doc(hidden)] /// Creates an `X509ValidationError` from a raw error number.
pub fn from_raw(err: c_int) -> Option<X509ValidationError> { ///
match err { /// # Safety
ffi::$ok_val => None, ///
$(ffi::$val => Some(X509ValidationError::$name),)+ /// Some methods on `X509ValidationError` are not thread safe if the error
err => Some(X509ValidationError::X509UnknownError(err)) /// number is invalid.
pub unsafe fn from_raw(err: c_long) -> X509ValidationError {
X509ValidationError(err)
} }
}
}
)
);
make_validation_error!(X509_V_OK, pub fn as_raw(&self) -> c_long {
X509UnableToGetIssuerCert = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, self.0
X509UnableToGetCrl = X509_V_ERR_UNABLE_TO_GET_CRL, }
X509UnableToDecryptCertSignature = X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
X509UnableToDecryptCrlSignature = X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, pub fn error_string(&self) -> &'static str {
X509UnableToDecodeIssuerPublicKey = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, ffi::init();
X509CertSignatureFailure = X509_V_ERR_CERT_SIGNATURE_FAILURE,
X509CrlSignatureFailure = X509_V_ERR_CRL_SIGNATURE_FAILURE, unsafe {
X509CertNotYetValid = X509_V_ERR_CERT_NOT_YET_VALID, let s = ffi::X509_verify_cert_error_string(self.0);
X509CertHasExpired = X509_V_ERR_CERT_HAS_EXPIRED, str::from_utf8(CStr::from_ptr(s).to_bytes()).unwrap()
X509CrlNotYetValid = X509_V_ERR_CRL_NOT_YET_VALID, }
X509CrlHasExpired = X509_V_ERR_CRL_HAS_EXPIRED, }
X509ErrorInCertNotBeforeField = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, }
X509ErrorInCertNotAfterField = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD,
X509ErrorInCrlLastUpdateField = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD,
X509ErrorInCrlNextUpdateField = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD,
X509OutOfMem = X509_V_ERR_OUT_OF_MEM,
X509DepthZeroSelfSignedCert = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
X509SelfSignedCertInChain = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN,
X509UnableToGetIssuerCertLocally = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
X509UnableToVerifyLeafSignature = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE,
X509CertChainTooLong = X509_V_ERR_CERT_CHAIN_TOO_LONG,
X509CertRevoked = X509_V_ERR_CERT_REVOKED,
X509InvalidCA = X509_V_ERR_INVALID_CA,
X509PathLengthExceeded = X509_V_ERR_PATH_LENGTH_EXCEEDED,
X509InvalidPurpose = X509_V_ERR_INVALID_PURPOSE,
X509CertUntrusted = X509_V_ERR_CERT_UNTRUSTED,
X509CertRejected = X509_V_ERR_CERT_REJECTED,
X509SubjectIssuerMismatch = X509_V_ERR_SUBJECT_ISSUER_MISMATCH,
X509AkidSkidMismatch = X509_V_ERR_AKID_SKID_MISMATCH,
X509AkidIssuerSerialMismatch = X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH,
X509KeyusageNoCertsign = X509_V_ERR_KEYUSAGE_NO_CERTSIGN,
X509UnableToGetCrlIssuer = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER,
X509UnhandledCriticalExtension = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION,
X509KeyusageNoCrlSign = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN,
X509UnhandledCriticalCrlExtension = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
X509InvalidNonCA = X509_V_ERR_INVALID_NON_CA,
X509ProxyPathLengthExceeded = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED,
X509KeyusageNoDigitalSignature = X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE,
X509ProxyCertificatesNotAllowed = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED,
X509InvalidExtension = X509_V_ERR_INVALID_EXTENSION,
X509InavlidPolicyExtension = X509_V_ERR_INVALID_POLICY_EXTENSION,
X509NoExplicitPolicy = X509_V_ERR_NO_EXPLICIT_POLICY,
X509DifferentCrlScope = X509_V_ERR_DIFFERENT_CRL_SCOPE,
X509UnsupportedExtensionFeature = X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE,
X509UnnestedResource = X509_V_ERR_UNNESTED_RESOURCE,
X509PermittedVolation = X509_V_ERR_PERMITTED_VIOLATION,
X509ExcludedViolation = X509_V_ERR_EXCLUDED_VIOLATION,
X509SubtreeMinmax = X509_V_ERR_SUBTREE_MINMAX,
X509UnsupportedConstraintType = X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE,
X509UnsupportedConstraintSyntax = X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX,
X509UnsupportedNameSyntax = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX,
X509CrlPathValidationError= X509_V_ERR_CRL_PATH_VALIDATION_ERROR,
X509ApplicationVerification = X509_V_ERR_APPLICATION_VERIFICATION,
);
/// A collection of OpenSSL `GENERAL_NAME`s. /// A collection of OpenSSL `GENERAL_NAME`s.
pub struct GeneralNames { pub struct GeneralNames {